On 06/20/2013 05:27 AM, Zac Medico wrote:
> On 06/19/2013 08:25 PM, Zac Medico wrote:
>> On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote:
>>> I was surprised by repoman just dropping FEATURES="sign" . I'm aware
>>> that at that time it has to commit an updated Manifest to prevent
>>> breakages, so if gpg fails it proceeds, but is there something it could
>>> do to check gpg sanity before committing anything?
Failing at the password prompt (two chances on regular pinentry) also
results in this behaviour.

>> It seems the simplest way to go would be to do a test signature before
>> commit, as suggested here:
>>
>> https://bugs.gentoo.org/show_bug.cgi?id=298605
>>
>> Is it okay to assume that everyone uses gpg-agent, so they won't have to
>> enter the passphrase more than once?
I have a remote (ssh) test-box to work on the tree, I don't want to
cache my decrypted key there.
Having the crypted version there is bad enough, but GPG_AGENT protocol
only exchanges passwords (unlike SSH_AGENT). GPG_AGENT forwarding over
SSH can be done with a general unix domain socket forwarding hack [1].

> Or, we could skip the test signature if the GPG_AGENT_INFO variable is
> not set?
It's a clue, but the key-cache can be expired and a bad password entry
can still result in failure.

[1] http://25thandclement.com/~william/projects/streamlocal.html

-- 
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <xmw@g.o>
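
The test signature discussed in this thread, as an added sketch that is not part of the original message and is not repoman's code: it signs a throwaway file first and runs the commit command only if that succeeds, without consulting GPG_AGENT_INFO, since a set variable does not rule out an expired cache or a mistyped passphrase. The function names and the `GPG` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to commit unless a test signature succeeds.
# GPG (path to the gpg binary) and both function names are hypothetical
# names for this sketch, not repoman or Portage settings.

# gpg_test_sign KEYID
# Returns 0 only if gpg clearsigned a throwaway file with KEYID.
gpg_test_sign() {
    key=$1
    gpg_bin=${GPG:-gpg}
    [ -n "$key" ] || { echo "no signing key given" >&2; return 2; }
    tmpdir=$(mktemp -d) || return 2
    printf 'test signature before commit\n' > "$tmpdir/probe"
    rc=0
    # No --batch here: pinentry may still prompt, so an expired agent
    # cache or a wrong passphrase shows up now, not after the commit.
    if ! "$gpg_bin" --yes --local-user "$key" \
            --output "$tmpdir/probe.asc" --clearsign "$tmpdir/probe"; then
        rc=1
    # An exit status of 0 is not trusted alone: the output must exist
    # and contain a signature block.
    elif ! grep -q '^-----BEGIN PGP SIGNATURE-----' \
            "$tmpdir/probe.asc" 2>/dev/null; then
        rc=1
    fi
    rm -rf "$tmpdir"
    return $rc
}

# commit_if_signable KEYID COMMAND [ARGS...]
# Runs COMMAND only after the test signature succeeded.
commit_if_signable() {
    key=$1
    shift
    if ! gpg_test_sign "$key"; then
        echo "gpg test signature failed; nothing committed" >&2
        return 1
    fi
    "$@"
}
```
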